Re: Updates of SE-PostgreSQL 8.4devel patches (r1704)

KaiGai Kohei <kaigai@kaigai.gr.jp> writes:

> Heikki Linnakangas wrote:
>> If we drop the goal of trying to restrict what a superuser can do, is the
>> patch still useful?
>
> I want to keep permission checks on files specified by users, because
> the "superuser" permission affects very wide scope, and all or nothing
> policy in other word.
> However, the combination of clients and files is not so simple, and
> I think it is necessary to apply permission checks individually.

I would think the big advantage of something like SELinux is precisely in
cases like this. So for example a client that has a capability that allows him
to read a file can pass that capability to the server and be able to use COPY
to read it directly on the server.

--  Gregory Stark EnterpriseDB          http://www.enterprisedb.com Ask me about EnterpriseDB's PostGIS support!